reset: set v4/v6 default policies to ACCEPT and drop user chains (#12552)
pull/12436/head
Sassan torabkheslat
1 week ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with
37 additions and
0 deletions
-
roles/reset/tasks/main.yml
|
|
@ -188,6 +188,18 @@ |
|
|
|
tags: |
|
|
|
- mounts |
|
|
|
|
|
|
|
- name: Set IPv4 iptables default policies to ACCEPT |
|
|
|
iptables: |
|
|
|
chain: "{{ item }}" |
|
|
|
policy: ACCEPT |
|
|
|
with_items: |
|
|
|
- INPUT |
|
|
|
- FORWARD |
|
|
|
- OUTPUT |
|
|
|
when: flush_iptables | bool and ipv4_stack |
|
|
|
tags: |
|
|
|
- iptables |
|
|
|
|
|
|
|
- name: Flush iptables |
|
|
|
iptables: |
|
|
|
table: "{{ item }}" |
|
|
@ -201,6 +213,25 @@ |
|
|
|
tags: |
|
|
|
- iptables |
|
|
|
|
|
|
|
- name: Delete IPv4 user-defined chains # noqa command-instead-of-module |
|
|
|
command: iptables -X |
|
|
|
when: flush_iptables | bool and ipv4_stack |
|
|
|
tags: |
|
|
|
- iptables |
|
|
|
|
|
|
|
- name: Set IPv6 ip6tables default policies to ACCEPT |
|
|
|
iptables: |
|
|
|
chain: "{{ item }}" |
|
|
|
policy: ACCEPT |
|
|
|
ip_version: ipv6 |
|
|
|
with_items: |
|
|
|
- INPUT |
|
|
|
- FORWARD |
|
|
|
- OUTPUT |
|
|
|
when: flush_iptables | bool and ipv6_stack |
|
|
|
tags: |
|
|
|
- ip6tables |
|
|
|
|
|
|
|
- name: Flush ip6tables |
|
|
|
iptables: |
|
|
|
table: "{{ item }}" |
|
|
@ -215,6 +246,12 @@ |
|
|
|
tags: |
|
|
|
- ip6tables |
|
|
|
|
|
|
|
- name: Delete IPv6 user-defined chains # noqa command-instead-of-module |
|
|
|
command: ip6tables -X |
|
|
|
when: flush_iptables | bool and ipv6_stack |
|
|
|
tags: |
|
|
|
- ip6tables |
|
|
|
|
|
|
|
- name: Clear IPVS virtual server table |
|
|
|
command: "ipvsadm -C" |
|
|
|
ignore_errors: true # noqa ignore-errors |
|
|
|
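Review bot: The two `Delete … user-defined chains` tasks run `iptables -X` and `ip6tables -X` without `-t`, so they only remove chains from the filter table, while the neighbouring flush tasks iterate `table: "{{ item }}"`; user-defined chains in any other table would survive the reset. If that is not intended, loop over the same table list, e.g. `command: "iptables -t {{ item }} -X"`; the flush tasks' `with_items` lies outside the visible hunks, so the list has to be taken from there. Both command tasks also lack `changed_when`, so they will presumably report changed on every run. Because the new policy tasks leave INPUT, FORWARD and OUTPUT at ACCEPT with an emptied ruleset, a comment such as `# Leaves the host with no packet filtering; re-apply the site firewall baseline after reset` above the first policy task would make that outcome explicit to operators.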